Move authorization checks to merge services instead relying solely on external checks.
Adds the ground work for writing into the merge ref refs/merge-requests/:iid/merge the merge result between source and target branches of a MR, without further side-effects such as mailing, MR updates and target branch changes.